// middleware/authMiddleware.js
// Middleware to protect routes by verifying JWT
const jwt = require('jsonwebtoken');
require('dotenv').config();
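// Shared secret used to check token signatures. Without it jwt.verify is
// expected to reject every token, so a missing or empty value would show up
// only as a stream of opaque verification failures at request time. Surface
// the misconfiguration once, at startup, instead (throwing here would be the
// stricter option).
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
  console.error('JWT_SECRET is not set; token verification will reject every request');
}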
// Security measure - secondary token expiration check, applied after jwt.verify
/**
 * Reports whether a JWT `exp` claim already lies in the past.
 * @param {number} exp - expiry as a Unix timestamp in seconds (the `exp` claim)
 * @returns {boolean} true when exp is strictly earlier than the current second
 */
const tokenIsExpired = (exp) => exp < Math.floor(Date.now() / 1000);
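// Rejection outcomes. Each one carries the JSON response for API callers and
// the redirect target for browser navigation; the German messages are the
// user-facing strings the app already emits.
const NOT_AUTHENTICATED = {
  status: 401,
  message: 'Zugriff verweigert. Nicht authentifiziert.',
  redirectTo: '/login',
};
const SESSION_EXPIRED = {
  status: 401,
  message: 'Sitzung abgelaufen. Bitte melden Sie sich erneut an.',
  redirectTo: '/login?expired=true',
};
const INVALID_TOKEN = {
  status: 403,
  message: 'Token ungültig oder abgelaufen.',
  redirectTo: '/login',
};

/**
 * Sends the rejection that matches the caller type: a JSON status for API
 * requests, a redirect to the login page for browser navigation.
 * @param {object} res - Express-style response object
 * @param {boolean} isApiRequest - true when the caller expects JSON
 * @param {{status: number, message: string, redirectTo: string}} outcome
 * @returns {object} the response, so callers can `return` it and stop
 */
const denyRequest = (res, isApiRequest, { status, message, redirectTo }) => {
  if (isApiRequest) {
    return res.status(status).json({ message });
  }
  return res.redirect(redirectTo);
};

/**
 * Route-protecting middleware: verifies the JWT carried in the 'token'
 * cookie and attaches the decoded payload as `req.user` before calling
 * `next()`. Requests without a valid token are answered directly (JSON
 * 401/403 for API callers, redirect to /login otherwise) and never reach
 * the protected handler.
 * @param {object} req - Express-style request (expects req.cookies, req.path, req.headers, req.xhr)
 * @param {object} res - Express-style response
 * @param {Function} next - continuation for authenticated requests
 */
const authenticateToken = (req, res, next) => {
  // cookie-parser must be mounted upstream. If it is not, req.cookies is
  // undefined; treat that as "no token" rather than crashing the middleware.
  const cookies = req.cookies || {};
  const token = cookies.token;

  // Debug trace of the incoming request. Only cookie *names* are logged, never
  // the token value itself.
  console.log('Auth Request:', {
    path: req.path,
    method: req.method,
    contentType: req.headers['content-type'],
    accept: req.headers.accept,
    hasToken: !!token,
    cookies: Object.keys(cookies),
  });

  // A request counts as an API call when it targets /api/, is XHR, or talks JSON
  // in either direction; those get JSON errors instead of redirects.
  const contentType = req.headers['content-type'];
  const accept = req.headers.accept;
  const isApiRequest = Boolean(
    req.path.startsWith('/api/') ||
    req.xhr ||
    (contentType && contentType.includes('application/json')) ||
    (accept && accept.includes('application/json'))
  );

  if (!token) {
    console.log('No token found, request is API?', isApiRequest);
    return denyRequest(res, isApiRequest, NOT_AUTHENTICATED);
  }

  // NOTE(review): no `algorithms` option is passed, so the accepted algorithm
  // set is whatever the library defaults to for this secret; pinning it to the
  // algorithm jwt.sign uses (confirm in the signing code) is the stricter form.
  jwt.verify(token, JWT_SECRET, (err, user) => {
    if (err) {
      console.error('JWT Verification Error:', err.message, err.name);
      // NOTE(review): clearCookie only removes the cookie when path/domain match
      // the options used to set it — verify against the login handler.
      res.clearCookie('token');
      const outcome = err.name === 'TokenExpiredError' ? SESSION_EXPIRED : INVALID_TOKEN;
      return denyRequest(res, isApiRequest, outcome);
    }

    // Belt-and-braces: jwt.verify reports expiry as TokenExpiredError above,
    // but a verified payload whose exp is already in the past is refused too.
    if (user.exp && tokenIsExpired(user.exp)) {
      console.warn('Token expired but not caught by jwt.verify');
      res.clearCookie('token');
      return denyRequest(res, isApiRequest, SESSION_EXPIRED);
    }

    // Valid token: expose the decoded payload to downstream handlers.
    req.user = user;
    console.log('Authentication successful for user:', user.username, 'user ID:', user.id);
    next();
  });
};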
// Exported as the module's sole value so callers require() the middleware function directly.
module.exports = authenticateToken;